CERT-In taking 'no chance' from Heartbleed Bug

A cyber security mission led by the Indian Computer Emergency Response Team (CERT-In) is underway to
safeguard vital IT infrastructure of the public sector from the Heartbleed bug.

After publishing an advisory on its website on updating to fix the Heartbleed bug, CERT-In,
the national nodal agency for cyber security, is taking no chances.

In the last decade, India has implemented US$10bn worth of vital IT projects, including National
e-Governance Plan (NeGP). All are aimed at strengthening governance and service delivery in the
government of India and state governments. So what are the challenges in dealing with the
Heartbleed bug?

Dr Anil Sagar, director of operations at CERT-In at the Ministry of Information Technology and
Communications, said: "Whenever CERT-In observes a cyber threat due to a technical vulnerability or
virus, immediately an advisory is issued and published on the CERT-In website. Points of contact at key
organisations in the government and public sector will also be informed."

CERT-In, headed by director-general Dr Gulshan Rai, has been in operation since January 2004. In
the IT Amendment Act 2008, CERT-In was designated to serve as the national agency to perform
key functions in the area of security. They include collection, analysis and dissemination of
information on cyber incidents and emergency measures for handling cyber security incidents.

Recently a vulnerability in the implementation of Heartbleed was discovered, which is being
exploited by hackers to retrieve sensitive data and user credentials.

On the Heartbleed bug, Dr Gulshan Rai said: "There is no threat to the best of our knowledge. In
fact, it is a vulnerability in heartbeat extension in the OpenSSL cryptographic library, which is a
software component used in the implementation of Secure Socket Layer (SSL) and Transport Layer
Security (TLS) protocols."

CERT-In has observed there are few vulnerable OpenSSL servers in India affected by this
vulnerability as people are also using proprietary SSL implementations.

IT awareness levels among government institutions and private enterprises are high and competent
to handle cyber threats.

Understanding the importance of the Heartbleed bug, D Divya, Project Director, e-Governance,
department of information technology and communications, government of Andhra Pradesh, said: "The
Department and its team are prepared to handle the bug, if found."

Priyadarsan Roy, CEO of Netzary Infodynamics INC – which handles IT infrastructure of government
organisations – said most of his company's clients in Karnataka State had already taken the
necessary steps of first auditing the servers that might be vulnerable.

At present, the biggest challenge for the government of India, and Indian state governments
where important Mission Mode Projects of NeGP and other IT projects have been implemented, is to
first identify the projects where SSL/TLS encryption is deployed.

Many of these projects, implemented through public-private partnerships, are run and managed by a
consortium of IT companies headed by principal bidders or project partners.

Another challenge is the ongoing elections to parliament. More than half of the government of
India and state government staff are busy with election duty till the end of May.

A better picture on the status of the Heartbleed bug in India will emerge only post-May.
